A standard Token Curated Registry (TCR) uses a token-based voting mechanism to curate a list of high-quality items, like reputable DAOs or verified oracles. Participants stake tokens to propose, challenge, or vote on listings. However, this pure token-weighted model has flaws: it's susceptible to sybil attacks (creating many fake identities) and allows wealthy actors to dominate decisions regardless of their expertise. Reputation-enhanced TCRs address this by layering a non-transferable reputation score on top of the token stake, making governance more meritocratic and attack-resistant.
LABS
Guides
How to Implement Reputation in Token Curated Registries
This guide provides a technical implementation for integrating reputation scores into Token Curated Registries (TCRs). It covers contract architecture, vote weighting, challenge mechanics, and curator pool management with executable code.
Chainscore © 2026
introduction
TUTORIAL
How to Implement Reputation in Token Curated Registries
A guide to enhancing Token Curated Registries (TCRs) with reputation systems to improve curation quality and reduce governance attacks.
Implementing a reputation layer requires defining how reputation is earned, stored, and applied. A common design uses a Soulbound Token (SBT) or a non-transferable ERC-721 token to represent reputation. Scores are typically updated by a smart contract based on on-chain behavior: - Successfully adding a valuable item to the registry - Winning a challenge as a voter or challenger - Consistently voting with the majority (measuring alignment). Reputation decays over time or can be slashed for malicious actions, ensuring active, honest participation is rewarded.
Here is a simplified Solidity code snippet for a contract that mints and manages reputation SBTs. This contract would be referenced by your main TCR logic.
solidity// SPDX-License-Identifier: MIT import "@openzeppelin/contracts/token/ERC721/ERC721.sol"; contract ReputationToken is ERC721 { address public admin; // TCR main contract address mapping(uint256 => uint256) public repScore; // tokenId -> score constructor() ERC721("TCRRep", "REP") { admin = msg.sender; } modifier onlyAdmin() { require(msg.sender == admin, "Not authorized"); _; } function mintReputation(address to, uint256 tokenId, uint256 score) external onlyAdmin { _safeMint(to, tokenId); repScore[tokenId] = score; } function updateScore(uint256 tokenId, int256 delta) external onlyAdmin { if (delta > 0) { repScore[tokenId] += uint256(delta); } else { // Prevent underflow uint256 absDelta = uint256(-delta); if (repScore[tokenId] > absDelta) { repScore[tokenId] -= absDelta; } else { repScore[tokenId] = 0; } } } }
Integrating reputation into TCR voting logic changes the decision-making calculus. Instead of a vote's weight being solely tokens_staked, it becomes a function like vote_power = sqrt(tokens_staked * reputation_score). This quadratic-like weighting reduces the marginal power of large token holders and amplifies the influence of knowledgeable participants with high reputation. The TCR's challenge and reward mechanisms must also be updated. For example, the require() statement for submitting a proposal could check a minimum reputation threshold, and dispute resolution rewards could be distributed based on a combination of staked tokens and voter reputation.
Practical applications for reputation-enhanced TCRs are growing. The Kleros Curate registry uses a similar merit-based system for its jurors. In DAO curation, a TCR could list vetted working groups, weighting votes from members with a proven track record higher. For oracle or data provider lists, reputation scores based on historical accuracy and uptime create a more resilient and trustworthy registry. When designing your system, key parameters to calibrate include: reputation decay rate, the formula for vote weighting, and the cost to attack the system versus the value of the curated list.
To get started, fork and study existing implementations like the AdChain Registry or Kleros's contracts. Use testnets like Sepolia to simulate registry cycles and attack vectors. The goal is to create a self-reinforcing system where good curation earns reputation, which then leads to better future curation. By implementing reputation, you move beyond simple token plutocracy and build a TCR that more reliably surfaces quality in domains like credential verification, marketplace badges, or infrastructure whitelists.
prerequisites
TCR REPUTATION IMPLEMENTATION
Prerequisites and System Architecture
Building a robust reputation system for a Token Curated Registry requires careful planning of its core components and their interactions. This section outlines the foundational elements you need before writing any code.
A Token Curated Registry (TCR) is a decentralized list maintained by token holders who stake to add, challenge, or vote on entries. The core challenge is preventing Sybil attacks and ensuring curation quality. A reputation system addresses this by weighting votes or staking power based on a participant's historical performance, not just their token balance. Before implementation, you must define the registry's purpose (e.g., a list of verified DAO tools, credible news sources) and the specific reputation metrics, such as successful challenge rate or proposal accuracy.
The system architecture typically involves several smart contracts. You'll need a main Registry contract to manage the list lifecycle (apply, challenge, resolve). A separate Reputation contract is essential to track scores, often using a non-transferable ERC-20 or ERC-1155 token to represent reputation points. An Oracle or Dispute Resolution module (like a Kleros court or a custom voting round) is required to adjudicate challenges and update reputation scores based on outcomes. These contracts must be designed to interact seamlessly, with the Registry querying the Reputation contract for vote weights.
Key technical prerequisites include proficiency with a smart contract language like Solidity or Vyper, and a development framework such as Hardhat or Foundry. You'll need to understand upgrade patterns (like Transparent Proxy or UUPS) if you plan to iteratively improve the reputation logic. Familiarity with oracle integration patterns is crucial for fetching off-chain data or dispute results. Setting up a local testnet (Hardhat Network, Anvil) and a testnet deployment (Sepolia, Goerli) is necessary for development and simulation of complex challenge scenarios.
The reputation scoring algorithm is the heart of the system. A simple model might award points for successful proposals and deduct for failed challenges. More advanced models can use Bayesian averages or time-decay functions to prioritize recent behavior. For example, a user's vote weight could be calculated as (token_balance * sqrt(reputation_score)) to balance capital and credibility. This logic must be gas-optimized and securely implemented in the Reputation contract to prevent manipulation of the score calculation.
Finally, consider the data layer and front-end integration. Reputation scores and historical actions should be indexed using a subgraph (The Graph) or an indexer for efficient querying by a dApp interface. The front-end must clearly display user reputation, the current registry state, and the implications of reputation on stake requirements and voting power. Thorough testing with simulated adversarial actors is non-negotiable before mainnet deployment to ensure the system's economic security and resistance to gamification.
core-components
TOKEN CURATED REGISTRIES
Core Contract Components
Implementing a robust reputation system is critical for TCR integrity. These components manage stake, voting, and member status.
03
Registry and Listing Status
The main registry contract stores the canonical list of approved entries and their metadata. It must:
- Maintain State: Track each entry's status (
0 = not listed,1 = listed,2 = challenged). - Handle Applications: Process new submissions, which require a deposit.
- Execute Challenges: Update an entry's status based on voting outcomes, transferring deposits to the winner.
- Emit Events: Log all major state changes (Application, Challenge, Deposit, Withdrawal) for off-chain indexers.
This is the central state machine of the TCR.
04
Parameter Store
A separate contract or module that holds upgradeable governance parameters. This avoids hardcoding values and allows the TCR to evolve. Key parameters include:
- Stake Amounts: Minimum stake to apply or challenge.
- Voting Durations: Length of commit and reveal periods.
- Challenge Reward Divisor: The percentage of the loser's stake awarded to the winning voters.
- Governance Address: Who can update these parameters (often a DAO or multisig).
Separating parameters reduces upgrade complexity and gas costs for frequent operations.
05
Reputation Token (ERC-20/ERC-1155)
The token used for staking and voting. Considerations:
- ERC-20 vs ERC-1155: A standard ERC-20 is typical, but ERC-1155 can represent multiple stake tiers in a single contract.
- Transfer Restrictions: The contract may need to restrict transfers during active challenges or lock-up periods.
- Minting/Burning: Some TCRs mint tokens as rewards for good curation; others use a fixed supply.
The token's economic design directly impacts the cost of attack and the quality of curation.
06
Challenge Logic & Resolution
This is the business logic executed when a listing is challenged. It:
- Initiates a Vote: Creates a new poll in the voting contract, funded by the challenger's stake.
- Manages the Dispute: Locks the applicant's deposit and the challenger's stake for the duration.
- Executes the Outcome: If the challenge succeeds (listing is rejected), the applicant's deposit is slashed and distributed to winning voters. If it fails (listing is upheld), the challenger's stake is slashed.
- Updates Registry: Returns the entry to
listedor removes it based on the result.
reputation-token-implementation
CORE CONTRACT
Step 1: Implementing the Reputation Token
This guide details the implementation of a non-transferable reputation token, the foundational contract for a Token Curated Registry (TCR).
The reputation token is the core governance asset in a TCR. Unlike typical ERC-20 tokens, it is designed to be non-transferable (soulbound) to prevent vote-buying and ensure that governance power is tied to a participant's long-term commitment and curated contributions. The standard implementation is an ERC-20 token with a modified transfer and transferFrom function that always reverts. This enforces the soulbound property at the protocol level.
solidityfunction transfer(address to, uint256 amount) public virtual override returns (bool) { revert("ReputationToken: non-transferable"); }
Reputation is minted and burned by the TCR's controller contract (which we'll build in Step 2). The reputation token contract should therefore implement a mint and burn function, but crucially, these functions must be permissioned. They should include an access control modifier, like onlyController, that restricts calls to a single, trusted address. This ensures only the TCR's governance logic can alter the reputation supply, maintaining system integrity.
solidityfunction mint(address to, uint256 amount) external onlyController { _mint(to, amount); }
A key design consideration is the initial distribution of reputation. Common patterns include: a genesis airdrop to bootstrap the registry, granting reputation as a reward for successful curation (e.g., voting correctly on a list application), or a staking mechanism where locked collateral converts to reputation over time. The minting logic in the controller will define this. The token contract itself remains agnostic, simply executing mint/burn instructions from its authorized caller.
For developers, using OpenZeppelin's ERC20 and Ownable or AccessControl libraries provides a secure foundation. The final contract is simple by design—its primary job is to be a secure, immutable ledger of non-transferable voting power. All complex logic for earning, losing, and using reputation resides in the separate, upgradeable controller contract. This separation of concerns enhances security and allows the TCR's rules to evolve without migrating the core token ledger.
registry-integration
IMPLEMENTING REPUTATION LOGIC
Step 2: Modifying the Registry Contract
This step integrates a reputation system into the core TCR smart contract, moving beyond simple token-weighted voting.
The core modification involves adding a reputation mapping and a mechanism to update it based on user actions. Instead of a simple mapping(address => uint256) public balances;, you now need mapping(address => uint256) public reputation;. Reputation is non-transferable and distinct from the user's token balance, which may still be used for staking in listings. Initial reputation can be assigned upon token holding, past participation, or start at zero.
Key contract functions must be updated to alter reputation scores. When a user's vote aligns with the final outcome of a challenge (e.g., voting to keep a legitimate listing or remove a spam one), their reputation should increase. Conversely, consistently incorrect votes should decrease reputation. This requires the contract to store vote records and calculate outcomes before applying reputation updates. A common pattern is to use a commit-reveal scheme for voting to prevent last-minute manipulation.
The challenge and voting logic must be refactored to use reputation-weighted voting. Replace a simple token count with a reputation tally. For example, the function _tallyVotes would iterate over votes and sum the reputation of voters for each side, not their token balance. This ensures influence in governance is earned through accurate participation, not merely capital. The AdChain Registry provides a foundational example of a TCR, though it uses token-weighted voting.
It is critical to implement safeguards against reputation gaming. Consider implementing a decay mechanism where reputation slowly decreases over time if a user is inactive, encouraging ongoing participation. Additionally, cap the reputation gain or loss from a single event to prevent sybil attacks from concentrating on one decision. The applyReputationUpdate function should include these bounds and decay calculations.
Finally, emit events for all reputation changes to allow off-chain applications to track user standing. A well-structured event like ReputationUpdated(address indexed participant, int256 change, uint256 newScore, bytes32 reason) provides transparency. This modified contract forms the decentralized backbone, where reputation becomes the primary metric for user influence and curation quality.
REPUTATION SYSTEMS
Voting Mechanism Comparison
Comparison of voting mechanisms for TCR applications, focusing on their suitability for reputation-based governance.
| Mechanism | Token-Curated Registry (TCR) | Conviction Voting | Quadratic Voting | Holographic Consensus |
|---|---|---|---|---|
Primary Use Case | Curation of lists (e.g., registries) | Continuous funding allocation | Preference aggregation | Scalable prediction markets |
Reputation Integration | ||||
Vote Cost | Stake is locked, can be slashed | No direct cost, uses time-based conviction | Cost scales quadratically with votes | Stake is locked on predictions |
Sybil Resistance | High (costly token stake) | Medium (requires token holding) | Low (requires identity proof) | High (costly stake on outcomes) |
Vote Finality | Challenge period (e.g., 7 days) | Continuous, weight changes over time | Instant per proposal | Reveal period after market closes |
Complexity for Voters | Low | Medium | Low | High |
Gas Efficiency | Low (on-chain challenges) | Medium (continuous calculations) | High (simple tally) | Very Low (highly complex) |
Used By | AdChain, Kleros TCR | 1Hive, Commons Stack | Gitcoin Grants, Radicle | DAOstack Alchemy |
challenge-mechanics
IMPLEMENTATION
Step 3: Reputation-Staked Challenges
This guide explains how to implement a challenge mechanism in a Token Curated Registry (TCR) using a reputation-staked model, moving beyond simple token deposits to create more sophisticated governance.
A repetition-staked challenge enhances the basic TCR model by requiring challengers to stake their personal reputation score instead of, or in addition to, a generic token. This system, popularized by projects like AdChain, aligns incentives more closely with long-term ecosystem health. A user's reputation is a non-transferable metric, often an NFT or an on-chain score, that accumulates based on their historical performance within the registry—successful applications, accurate challenges, and good voting behavior. Staking this reputation creates a stronger "skin in the game" scenario than staking a fungible token alone.
To implement this, your smart contract must manage two separate staking mechanisms. First, the application stake, typically a fixed amount of the registry's native token (e.g., 1000 REG). Second, the challenge stake, which is a function of the challenger's reputation. A simple formula could be: requiredChallengeStake = baseStake * (1 / challengerReputationScore). This means a user with a high reputation score needs to stake fewer tokens, as their reputation itself carries weight. The contract must track reputation balances and include logic to slash or reward them based on challenge outcomes.
Here is a simplified Solidity code snippet outlining the challenge initiation logic using a reputation multiplier. Note that reputationToken would be an ERC-721 or a soulbound token tracking non-transferable scores.
solidityfunction challengeApplication(uint applicationId) external { Application storage app = applications[applicationId]; require(app.status == Status.Pending, "App not pending"); uint challengerRep = reputationToken.balanceOf(msg.sender); require(challengerRep > 0, "No reputation"); // Calculate required stake: higher rep = lower token stake uint tokenStakeRequired = BASE_CHALLENGE_STAKE / challengerRep; require(tokenStakeRequired >= MIN_STAKE, "Stake too low"); // Transfer challenge tokens and lock reputation require( registryToken.transferFrom(msg.sender, address(this), tokenStakeRequired), "Token transfer failed" ); reputationToken.lockForChallenge(msg.sender, applicationId); app.challengeStake = tokenStakeRequired; app.challenger = msg.sender; app.status = Status.Challenged; }
The dispute resolution phase is where reputation is truly put to the test. Once a challenge is issued, the dispute typically goes to a decentralized oracle or a token-weighted vote. If the challenger wins, their staked tokens are returned, they receive a portion of the applicant's lost stake as a reward, and their reputation score is increased. If they lose, their staked tokens are slashed and distributed (often to voters or a treasury), and their reputation score is decreased. This direct feedback loop ensures that reputation accurately reflects a participant's judgment and contribution to the registry's quality.
Key design considerations include setting the reputation decay or lock-up periods to prevent abuse. For instance, reputation used in a challenge might be locked and unavailable for other actions until the dispute is resolved. You must also decide if reputation is fully slashable or has a protected minimum. Furthermore, the economic model must be balanced so that the cost to challenge (token stake + reputation risk) is proportional to the potential reward, preventing both excessive frivolous challenges and voter apathy. Auditing the vote incentive mechanism is critical, as it is the core oracle determining reputation outcomes.
In practice, integrating with a decentralized court system like Kleros or Aragon Court can handle the dispute resolution, allowing your TCR to focus on registry logic. The final step is to emit clear events for off-chain indexers and front-ends, such as ApplicationChallenged, ReputationStaked, and ChallengeResolved. This completes a robust, reputation-aware challenge system that incentivizes high-quality curation and sustainable community governance for your Token Curated Registry.
curator-curation
IMPLEMENTING REPUTATION
Step 4: Curating the Curator Pool
A Token Curated Registry (TCR) is only as reliable as its curators. This step focuses on implementing a reputation system to manage curator quality and incentivize good behavior.
A naive TCR allows any token holder to participate in curation, which can lead to low-quality submissions and governance attacks. A reputation system addresses this by weighting a curator's voting power. Instead of 1 token = 1 vote, influence becomes reputation_score * staked_tokens. This system protects the registry by diluting the impact of malicious or uninformed actors who hold tokens but lack curation expertise.
Implementing reputation requires tracking a score for each curator address. A common approach is to use a separate Reputation smart contract that records scores and allows the TCR's voting logic to query them. The score can be updated based on curator performance metrics, such as: - Voting alignment with the majority on accepted/rejected proposals - The quality of their own submissions to the registry - Successful challenges to their votes or submissions.
Reputation should decay over time to ensure active participation. A simple formula is reputation = previous_reputation * decay_factor. For example, a monthly 5% decay (decay_factor = 0.95) incentivizes curators to remain engaged. This mechanism prevents the system from being controlled by a static, potentially outdated cohort and encourages a meritocratic turnover within the curator pool.
The reputation contract must be permissioned, allowing only authorized updaters (often the TCR contract itself or a dedicated governance module) to modify scores. A basic Solidity struct and mapping can store this data:
soliditystruct CuratorRep { uint256 score; // e.g., a value between 0-100 uint256 lastUpdated; } mapping(address => CuratorRep) public curatorReputation;
The voting function would then calculate voting power as votes = stakedTokens * (curatorReputation[voter].score / 100).
Integrating this with the TCR's challenge mechanism is crucial. When a challenge succeeds, the curators who voted for the losing side could have their reputation scores slightly reduced. Conversely, successful challenges or accurate votes could yield reputation rewards. This creates a skin-in-the-game feedback loop, aligning individual curator incentives with the long-term health and accuracy of the entire registry.
TCR REPUTATION
Frequently Asked Questions
Common technical questions and solutions for implementing and managing reputation systems within Token Curated Registries.
Reputation in a Token Curated Registry (TCR) serves as a non-transferable, staked metric of a participant's skin-in-the-game. Unlike the transferable tokens used for voting and deposits, reputation is earned through positive contributions and is slashed for malicious actions. Its primary purposes are:
- Sybil Resistance: It makes it costly to create multiple fake identities (Sybils) to manipulate the registry, as building reputation requires consistent, verifiable good behavior.
- Weighted Influence: Reputation can be used to weight a participant's vote, ensuring that users with a proven track record have more say in curation decisions than new or untrusted accounts.
- Long-Term Alignment: By making reputation non-transferable and subject to slashing, it incentivizes participants to act in the long-term health of the registry, not just for short-term token gains.
resource-links
GUIDES
Implementation Resources
Tools, protocols, and design patterns for adding reputation-aware incentives and credible signaling to Token Curated Registries. Each resource focuses on a concrete implementation path used in production systems.
conclusion-next-steps
IMPLEMENTATION CHECKLIST
Conclusion and Next Steps
This guide has outlined the core components for implementing a reputation system in a Token Curated Registry (TCR). The next step is to integrate these concepts into a production-ready smart contract.
To summarize, a robust TCR reputation system requires a multi-faceted approach. You must implement a staking and slashing mechanism to financially incentivize honest curation, a time-decay function to ensure reputation remains current, and a delegation system to allow token holders to participate without being full-time curators. Each of these components interacts to create a dynamic score that reflects a participant's long-term, valuable contributions to the registry's integrity, moving beyond simple token ownership.
For your next development steps, begin by forking and auditing an existing TCR base contract, such as the AdChain Registry or Kleros TCR. Integrate the reputation logic as a separate, upgradeable module. Key functions to write include calculateReputation(address curator) which returns a uint score based on stake, successful challenges, and decay, and slashReputation(address maliciousCurator, uint amount) which reduces stake and score. Always use established libraries like OpenZeppelin's SafeMath and implement comprehensive event logging for transparency.
Finally, thoroughly test your implementation. Use a framework like Hardhat or Foundry to simulate edge cases: a curator delegating then being slashed, reputation decaying to zero over a long period, or multiple conflicting challenges. Consider integrating with oracles like Chainlink for external data in challenge disputes. Your reputation system's security is paramount; a bug here could destroy the economic incentives of the entire TCR. For further reading, review the MolochDAO v2 reputation module and the paper "Token-Curated Registries 1.0" by Mike Goldin.